PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
#include <byte_buffer.h>

Public Member Functions
ByteBuffer ()
ByteBuffer (const ByteBuffer &p1)
~ByteBuffer ()
virtual ByteBuffer & | operator= (const ByteBuffer &p1)
bool | isValidPtr (BYTE *field_bgn, size_t field_size)
bool | isDataContained (const BYTE *rawData, size_t r_size)
bool | allocBuffer (size_t size)
void | freeBuffer ()

Public Member Functions inherited from pesieve::util::BasicBuffer
BasicBuffer ()
bool | isFilled ()
void | trim ()
size_t | getStartOffset (bool trimmed) const
size_t | getDataSize (bool trimmed=false) const
const BYTE * | getData (bool trimmed=false) const

Protected Member Functions
bool | copy (const ByteBuffer &p1)

Additional Inherited Members

Public Attributes inherited from pesieve::util::BasicBuffer
BYTE * | data

Protected Attributes inherited from pesieve::util::BasicBuffer
size_t | real_start
size_t | real_end
size_t | padding
size_t | data_size

Definition at line 88 of file byte_buffer.h.
Definition at line 88 of file byte_buffer.h.
Definition at line 90 of file byte_buffer.h.
Definition at line 138 of file byte_buffer.h.